CVE-2024-0675 MEDIUM

CVE-2024-0675: Improper checking for unusual or exceptional conditions vulnerability in Lamassu Bitcoin ATM Douro machines

Vendor Lamassu
Product Bitcoin ATM Douro machines
Weakness CWE-754
Published January 30, 2024
Last update August 23, 2024

CVSS base score

6.3/10
Attack vector Physical
Attack complexity High
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user.

Key dates

02Disclosure timeline

January 30, 2024 CVE published
August 23, 2024 Record updated